This is a two part post. I cannot stress enough to read all the directions. They are clear enough…
First part is Push Donor. This is for jailbroken iPhones that are activated via iTunes only (not hacktivated via blackra1n, PwnageTool if you kept “Pre-Activation” ticked, or redsn0w, this will NOT WORK for hacktivated iPhones), and for jailbroken iPod touch devices that can reboot untethered [iPod touch 1G and iPod touch 2G MB Model]. This is a two part process.
Push Donor is on NERV Repo, you download it and install it. Just installing Push Donor does nothing, you need to hook up to a computer as well in order to make use of this. It does NOT give you valid certs like Push Doctor, so do not bother installing this if you are not legitimately activated with iTunes. The second thing you need is the script to run on the computer. WARNING: According to anethema, it’s possible to end up having to restore your phone if you have used blackra1n to jailbreak your device, no matter if you hacktivate or not. While every hacktivated iPhone is uneligable to participate in cert donating, you cannot use Push Donor to supply certs if you’ve used blackra1n to jailbreak, as it installs a hacktivation dylib on every phone even if you activate normally with iTunes. When the script runs, the phone will re-hacktivate and the cycle will break and your phone could be potentially FUCKED. Do NOT, I repeat, DO NOT USE THIS IF YOU USED BLACKRA1N TO JAILBREAK.
Before we get to the scripts/application, if you’re on a Mac you will have to do some terminal and SSH work to get this working seamlessly, otherwise you will be prompted for a password on each cycle, so instead of constantly generating certs, you will get one done and then have to add your pass each time. This is not very productive. Let’s begin.
First open Cydia and install OpenSSH. Then, from your Mac, open up Terminal and SSH to the device using “root@ip.address.goes.here”. You will be prompted for authorization, say yes. Then enter the password for root which is alpine. Don’t really need to worry about security here so just keep moving.
Now that you’ve SSH’d to the device at least once, we going to do the following on the Mac:
exit
cd ~/.ssh
ssh-keygen -t rsa
Now just hit enter for each prompt. When you’re done:
ls -a
You should see “id_rsa.pub” in there. Let’s copy it to the desktop and rename it:
cp id_rsa.pub ~/Desktop/authorized_keys2
We’ll need that for later. Now let’s get back to the device:
ssh root@ip.address.goes.here [enter alpine as pass]
ssh user@mac.ip.address.here [replace user with the logon name you have for your mac]
You will be prompted for authorization, say yes, then enter your mac password.
Now quit terminal. Open up an AFC2 or SFTP client and browse to /var/root/.ssh and put the authorized_keys2 file we made on the desktop before in that directory.
Now, when you open up a terminal and SSH to the device, you should just automatically logon without being prompted for a password. Now you can follow the rest of the guide for Mac.
Mac: grabcerts.sh
Windows: CertGen
You will need to run these in order to make use of Push Donor. This will kill itunes, deactivate your phone or iPod, open itunes and activate then trigger the script and nimble on your phone or iPod to send the certs to the cert storage server, and will repeat the process over and over until you kill the script or program.
To run on Mac, you will have to unzip the file and run it in a terminal. To do so, run:
cd /path/to/script
chmod +x grabcerts.sh
./grabcerts.sh “ip-address-to-device”
This will trigger the script and will run until you kill Terminal.app. Just activate via iTunes to use your phone again after you kill the script if you still see the Emergency Call screen or the Connect to iTunes screen you see when you buy a fresh iPod touch from Apple (not recovery, you will see a battery in the top right of the screen).
If you want to use two devices (such as an iPod touch 1G and an iPhone 3GS, like I have), you will want to do the RSA fingerprinting on both devices as shown above, then download grabmorecerts.sh, unzip and do the following:
cd /path/to/script
chmod +x grabmorecerts.sh
./grabmorecerts “ip-of-1st-device” “ip-of-2nd-device”
Then just leave both devices plugged into the computer via USB and let the script do it’s thing.
To run on Windows, just launch the application and follow the instructions. To stop, just close the app and then activate your phone via iTunes if you still see the Emergency Call screen or the Connect to iTunes screen you see when you buy a fresh iPod touch from Apple (not recovery, you will see a battery in the top right of the screen).
While running these, leave the iPhone or iPod touch connected via USB so the reactivation process can complete and the process can cycle over again.
Once again, Push Donor and the appropriate computer scripts will NOT work if you are not able to activate legitimately via iTunes. It’s recommended that you put your iPhone or iPod touch on silent and run only when you do not have to use your iPhone or iPod touch for a lengthy period (while you sleep is probably the best).
========================
Nimble+Inject
This package is for those who are hacktivated ONLY and wish to backup their push certs and be able to restore them in case they have to restore so that they don’t have to kill time trying to hammer the Push Doctor server for a valid push cert.
This package installs MobileTerminal and OpenSSH, as it’s a command line set of utilities, and can be run either on the device via MobileTerminal or via SSH using PuTTY for Windows, Terminal.app on Mac OS X and Terminal on GNU/Linux distro’s. If you don’t know how to SSH from these apps, there are guides all over the internet. It’s very basic, I wont waste time explaining here.
To extract your certs, run:
su [root password required]
cd /private/var/Keychains
./nimble
This will generate 4 .bin files in the Keychains directory. These are your certs, store them in a safe and secure location.
To restore your certs, put those .bin files in /private/var/Keychains and run:
su [root password required]
cd /private/var/Keychains
./inject
This will restore your push certs.
If you happened to restore and forgot to backup according to this guide (and there are no certs available on the server), you can use nimble and inject and a friend’s iTunes activated and jailbroken iDevice to get push working again. Your friend’s iDevice must NOT have been jailbroken with blackra1n. <– VERY IMPORTANT
On your friend’s iPhone or iPod touch, follow the instructions as per nimble above.
Transfer the 4 bin files to your iPhone, then follow the instructions as per inject.
Next, you will need to deactivate and reactivate your friend’s iPhone or iPod touch. SSH into your friend’s device as root or open MobileTerminal on it and assume root privileges, and do the following commands:
rm -rf /var/root/Library/Lockdown
killall -TERM lockdownd SpringBoard
A connect to iTunes image (with a battery icon in the top right, this is NOT recovery mode DO NOT PANIC) will show up, simply reconnect your friend’s iDevice to iTunes and it will reactivate and can be used right away.
to run grabcerts, must put ip address of iPhone in quotes. For example, ./grabcerts “xxx.xxx.xxx.xxx”
[WORDPRESS HASHCASH] The poster sent us ’0 which is not a hashcash value.
Hi,
the installation with cydia seems to have a problem because it would need to overwrite the already installed inject (from push Doctor). Cydia then gets a dpkg error and aborts the installation. I will install it manualy now via ssh ( got the package via cyder)
Screenshot: http://redparkz.de/wp-content/uploads/2010/03/IMG_0150.png
Keep up the good work :)
If you’re referring to Nimble+Push, then it appears I made an error myself. I will update the package to just install Nimble, and I will add a package that will just install Inject (for those who may have restored but got their push certs backed up with Nimble).
Sorry, this one is my bad.
I had an issue installing Push Donor. Seems Cydia keept saying that there was an update for it.. I ran the windows script without updating Push Donor and it seems to be working fine. One thing to mention is that you’ll need to have SSH installed for the script to work.. Took me a sec to realize that..
I will change the dependencies to install OpenSSH if it’s not already present. Thanks for the headsup!
[WORDPRESS HASHCASH] The poster sent us ’0 which is not a hashcash value.
sorry to bother you again, but you seem to have made another mistake in the nimble package. The permissions are not right. They are set to (rw——- / read & write but not execute) So either you change that or everybody will have to change them with mobile terminal (after going to the keychains folder execute the following command: chmod 0755 nimble)
Great tool, thanks! :)
I found that permissions weren’t correct on ‘nimble’ – logged in as root – both ‘Group’ and ‘Owner’ were ’1000′ and permissions were 0600 – but I updated & it ran fine.
I’m guessing ‘inject’ would be the same.
Ok, I’ve fixed the perms on nimble and inject. They should run fine now, just tested on my own device.
For Push Donor, hod on a bit more, there’s some other info I need to add.
I cannot download the CertGen for Windows.
It’s broken link.
Can you provide another link?
Link is working fine, just tested myself.
Somehow, the certgen link is always broken in my laptop (firefox and chrome).
But, it’s oke.
My “iTunes Activated iPhone” was jailbroken using blackra1n, so I can’t use it anyway.
I guess I have to do it manually.
For the last 4 months I did it manually, and then gave the cert to my forum’s member for free.
I managed to generate 1 package certs every 15 minutes.
Pingback: FranklyOnline » Blog Archive » Push Doctor : gratis Push Fix för hackade iPhones
I just installed the push doctor successfully, but it doesn’t work ,I can’t receive any push message ,so my /private/var/Keychains have no Nimble and any .bin …
fix youtube
Created certificate data 808400
Created certificate 102020
Created private key 806C00
Created identity 1023C0
SecItemCopyMatching returns 0
Found old identity 101EE0
SecItemDelete returns 0
SecItemAdd returns 0, 102DB0
fix push
Created certificate data 809000
Created certificate 102020
Created private key 806C00
Created identity 102440
SecItemCopyMatching returns -25300
No old identity was found
SecItemAdd returns 0, 102E30
cleanup
No matching processes were found
Re-enabling push notifications…
Writing new value for SBRemoteNotificationsEnabled to /var/mobile/Library/Preferences/com.apple.springboard.plist
Restarting the Push Notification Daemon…
i want to know where is wrong ,please…
Pingback: How to backup your Push Certificates. « Mod Blog 101
I have installed Push Doctor. Do I need to install Push Donor / Nimble+Inject ?
When will you add more certificates? I am willing to donate.
I cannot install Push doctor. When will you add more certificates? I am willing to donate, too!
Thanks
Hi,
I hope this is the right place for my question…
I’ve been checking in every 20 minutes or so for the last couple of days and it seems like there haven’t been any new Push Doctor certificates recently.
Are there any plans of posting new ones, or should I stop refreshing the page to check…?
Are new certs still being generated? Haven’t seen the counter change from “0″ in a few days.
Thanks.
Pingback: iPhone Enthusiast » Donate Push Certificates!
I installed Push Doctor a couple of days after it was made available. It worked fine at first but I realized after time that they the push notifications were not coming on time & then eventually not at all.
I reinstalled Push Doctor & it worked again, but only for a couple of seconds. Now it only works right after a reboot & sometimes during calls.
Any ideas what’s wrong?
I have 2 sets of Certificates that I backed up on my computer.
I am no longer using them.
I no longer have the phones that once used them since I got 2 new iPhone 4s
Can I donate them back? Where can I send them?
Hi i cant generate my bin files with nimble
i give the command
cd /private/var/Keychains./nimble
but it gives error
i tried thru terminal and even with winSCP
plz help